geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From YunFeng Ma <>
Subject Re: Secured connection
Date Mon, 25 Jun 2007 02:22:19 GMT

Maybe you can take MagicGball as a reference. You can
get it from:

MagicGball demonstrates the application client
accesses the EJBs via non-security CORBA and security

Hope it helpful.

YunFeng Ma

On 2007-06-25 01:05:28, David Jencks
<> wrote:
>On Jun 24, 2007, at 12:13 PM, Tero Mäntyvaara wrote:
>> David Jencks wrote:
>>> Please send to only one list at a time, this is
more appropriate for
>>> the user list.
>> I am really sorry, I will not do that again. :-/
>>> On Jun 21, 2007, at 7:45 AM, Tero Mäntyvaara
>>>> Does latest G support secured (read encrypted)
connection between  
>>>> server
>>>> and client?
>>> That depends on the protocol you want to use and
possibly on the
>>> version of geronimo you want to use.  I'll assume
you are using
>>> geronimo 2.0 (trunk)
>> I was thinking the latest, so it will be then 2.0.
>>> web/https -- yes
>>> jaxrpc/jaxws/soap -- yes
>>> ejb using corba -- yes
>>> ejb using openejb proprietary protocol -- not
turned on by default,
>>> and I'm not sure if you can turn it on without
extra programming.
>> I was planning to use encrypted connection between
remote EJB- 
>> component
>> and Java-application. So my alternatives are CORBA
and openEJB. I  
>> would
>> like to use this J2EE compliant CORBA-connection.
How has this
>> en-/decryption been accomplished then?
>It's not clear to me if your java-application is the
client or server  
>here, nor if it is running in a javaee container. 
I'm going to  
>assume that  it  is the client and is either a javaee
>application running in geronimo app client container
or another  
>javaee application.  It's possible to use corba from
a non-javaee  
>application but you have to set up quite a bit of
configuration in code.
>I would start by looking at the examples in <geronimo
server trunk>/ 
>testsuite/corba-testsuite.  These are all set up to
use no security,  
>but you can see which objects you need to configure. 
On the server  
>side you need a TSSBeanGBean that specifies the
required and allowed  
>security properties to use the server ejb, and on the
client side  
>there's a corresponding CSSBeanGBean that specifies
what the client  
>is willing to supply.
>There are a lot of choices.  There are 3 layers
>- transport layer.  You can specify unprotected, ssl,
or ssl with  
>client certificate.  IIRC the client certificate can
be used identify  
>the client.
>- AS layer (Application Security??? I can't remember
what it stands  
>for)  At this layer you can specify that the client
will identify  
>itself using username/password.  (GSSUP)
>- SAS layer.  (Security Attribute Service) If the
client is working  
>on behalf of a user other than the user who is
running the client  
>itself (for instance if it is a server), you can
propagate the actual  
>user identity using an identity token.  However the
user will not be  
>reauthenticated on the server: the server will trust
that the client  
>has already performed proper authentication.  Note
that this is  
>reasonable if e.g. you have authenticated the client
via a trusted  
>client certificate and are using ssl transport.
>There are some schemas for the css and tss bean
configurations, corba- 
>css-config-2.1.xsd and corba-tss-config-2.1.xsd.  If
you have trouble  
>figuring out what to specify, tell us what options
you want and we'll  
>try to help come up with an appropriate
>david jencks
>>> thanks
>>> david jencks
>>>> Tero Mäntyvaara
>> Tero Mäntyvaara

Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories
at Yahoo! Games.  

View raw message